I can successfully send/receive information to this URL from my local workstation (Vista), my dev servers (Win 2003 R2, Win 2008 R2). When I hit the URL from IE, I get a page that I am supposed to get.

When I hit the URL in my prod server (win 2008 R2), I get a PCBD. And the .asp that uses WinHttp.WinHttpRequest.5.1 returns 'Request Timed Out'.

I have another similar URL [URL#2==>] https://pross1.csacs.cmscorp.net:4001/mypage.asp [Note the port number is different]. This URL is accessible via IE and via the .asp page from anywhere.
But URL#1 is not accessible on my prod server [Win 2008 R2] through IE or through my .asp page.

What are the possible reasons of this happening?
On my prod server --> nslookup for the server works fine; ping works fine; server's firewall (Windows firewall) is completely turned off; Virus Scan (mcafee) is completely disabled (temporarirly). The prod server is a part of our company's DMZ network.

When I access URL#1 in IE and view through netmon.exe, I see two retransmission requests to the destination IP. Thats it. With URL#2, I see a request, a SSL handshake, and it goes on.

Firewall. Period. There are more firewalls/proxies than you know, I guess.
–
mailqAug 17 '11 at 13:57

@maliq I agree. This prod server is a part of DMZ network. And it's got more firewalls. We'd have to request the IT, if we want to open a port or something. But did you notice that the URL#2 was accessible from the same server and why not URL#1? And URL#1 is accessible elsewhere, the problem is only with this server. Both URL#1 and URL#2 are deployed on the same server (per our KB). Before I contact my IT team, I wanna be clear about the problem.
–
gmaran23Aug 17 '11 at 14:03

Sure. But have you noted, that we sit faaaaar away from that server and it is very hard to diagnose from written text? Whereas the IT crowd has direct access to the server and can watch the packet-flow. If you have them, then it's their job to help!
–
mailqAug 17 '11 at 14:22

1 Answer
1

Am I understanding correctly that both URLs you provided exist ON the prod server, i.e. it's a local connection? Also, can you telnet from the prod server to the resolved IP of the destination server (whether local or remote) on the two ports? That can be used to rule out a firewall quickly. If you can't telnet, you can have your IT team monitor the FW logs for DENYs and try the page or telnet at their request.

Good one. The URLs are located on a different server. On my local machine and other dev machines: telnet 18.105.90.92 4001 [URL#2] --> Works. telnet 18.105.90.92 2020 [URL#1] --> Works.On my prod server: telnet 18.105.90.92 4001 [URL#2] --> Works. telnet 18.105.90.92 2020 [URL#1] --> Could not open connection to the host, on port 2020: Connection Failed. So should I ask my IT to review the FW logs for my prod server? In particular the DENYs? I dont understand as why the URL#1 [port 2020] is denied only on this prod machine and works everywhere else.
–
gmaran23Aug 17 '11 at 15:43

Apart from firewall, is there anything else that I should be looking for?
–
gmaran23Aug 17 '11 at 15:47

Based upon the above, this is looking purely firewall. The IT guys will love you if you can give them the source, destination and port. They'll view the logs (likely using "cat" if logging to syslog) and will filter for this information (using "grep" if they're Linux guys). The remote host, for whatever reason, has inbound 4001 open and inbound 2020 closed.
–
TrentAug 17 '11 at 16:00

Thank you for the suggestions. I will get in touch with my IT.
–
gmaran23Aug 23 '11 at 12:44